Author: markt Date: Tue Apr 22 21:28:03 2014 New Revision: 1589295 URL: http://svn.apache.org/r1589295 Log: Tomcat 8 uses Java 7 where RFC 5746 is supported in all versions so remove unused/unnecessary code.
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1589295&r1=1589294&r2=1589295&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Tue Apr 22 21:28:03 2014 @@ -96,11 +96,6 @@ public class TestClientCert extends Tomc @Override public void setUp() throws Exception { - if (!TesterSupport.RFC_5746_SUPPORTED) { - // Make sure SSL renegotiation is not disabled in the JVM - System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); - } - super.setUp(); Tomcat tomcat = getTomcatInstance(); Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java?rev=1589295&r1=1589294&r2=1589295&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java Tue Apr 22 21:28:03 2014 
@@ -97,12 +97,6 @@ public class TestCustomSsl extends Tomca private void doTestCustomTrustManager(boolean serverTrustAll) throws Exception { - if (!TesterSupport.RFC_5746_SUPPORTED) { - // Make sure SSL renegotiation is not disabled in the JVM - System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", - "true"); - } - Tomcat tomcat = getTomcatInstance(); Assume.assumeTrue("SSL renegotiation has to be supported for this test", Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1589295&r1=1589294&r2=1589295&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Tue Apr 22 21:28:03 2014 @@ -24,8 +24,6 @@ import java.io.InputStreamReader; import java.io.OutputStream; import java.io.Reader; -import javax.net.ssl.HandshakeCompletedEvent; -import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; @@ -34,7 +32,6 @@ import static org.junit.Assert.assertTru import static org.junit.Assert.fail; import org.junit.Assert; -import org.junit.Assume; import org.junit.Test; import org.apache.catalina.Context; 
@@ -92,82 +89,13 @@ public class TestSsl extends TomcatBaseT assertTrue(res.toString().indexOf("<h1>Hello World!</h1>") > 0); } - boolean handshakeDone = false; - - @Test - public void testRenegotiateFail() throws Exception { - - // If RFC5746 is supported, renegotiation will always work (and will - // always be secure) - if (TesterSupport.RFC_5746_SUPPORTED) { - return; - } - - Tomcat tomcat = getTomcatInstance(); - - File appDir = new File(getBuildDirectory(), "webapps/examples"); - // app dir is relative to server home - tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath()); - - TesterSupport.initSsl(tomcat); - - // Default - MITM attack prevented - - tomcat.start(); - SSLContext sslCtx = SSLContext.getInstance("TLS"); - sslCtx.init(null, TesterSupport.getTrustManagers(), null); - SSLSocketFactory socketFactory = sslCtx.getSocketFactory(); - SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", getPort()); - - socket.addHandshakeCompletedListener(new HandshakeCompletedListener() { - @Override - public void handshakeCompleted(HandshakeCompletedEvent event) { - handshakeDone = true; - } - }); - - OutputStream os = socket.getOutputStream(); - os.write("GET /examples/servlets/servlet/HelloWorldExample HTTP/1.0\n".getBytes()); - os.flush(); - - - InputStream is = socket.getInputStream(); - - // Make sure the NIO connector has read the request before the handshake - Thread.sleep(100); - - socket.startHandshake(); - - os = socket.getOutputStream(); - - try { - os.write("Host: localhost\n\n".getBytes()); - } catch (IOException ex) { - ex.printStackTrace(); - fail("Re-negotiation failed"); - } - Reader r = new InputStreamReader(is); - BufferedReader br = new BufferedReader(r); - String line = br.readLine(); - while (line != null) { - // For testing System.out.println(line); - line = br.readLine(); - } - - if (!handshakeDone) { - // success - we timed-out without handshake - return; - } - - fail("Re-negotiation worked"); - } @Test public void 
testRenegotiateWorks() throws Exception { Tomcat tomcat = getTomcatInstance(); - Assume.assumeTrue("SSL renegotiation has to be supported for this test", - TesterSupport.isRenegotiationSupported(getTomcatInstance())); + //Assume.assumeTrue("SSL renegotiation has to be supported for this test", + // TesterSupport.isRenegotiationSupported(getTomcatInstance())); File appDir = new File(getBuildDirectory(), "webapps/examples"); // app dir is relative to server home @@ -216,13 +144,4 @@ public class TestSsl extends TomcatBaseT } } } - - @Override - public void setUp() throws Exception { - if (!TesterSupport.RFC_5746_SUPPORTED) { - // Make sure SSL renegotiation is not disabled in the JVM - System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); - } - super.setUp(); - } } Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1589295&r1=1589294&r2=1589295&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Tue Apr 22 21:28:03 2014 @@ -23,15 +23,12 @@ import java.io.InputStream; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; -import java.security.KeyManagementException; import java.security.KeyStore; -import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; 
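Review bot: In TestSsl.testRenegotiateWorks() the `Assume.assumeTrue(...)` guard is commented out rather than deleted or kept, and the same commit drops the `org.junit.Assume` import, so the two dead lines cannot simply be uncommented later. TestCustomSsl.doTestCustomTrustManager still carries the same `TesterSupport.isRenegotiationSupported(...)` assumption as an unchanged context line, so the two tests now disagree on whether renegotiation support is a precondition. If a connector under test does not support renegotiation, this test would presumably fail instead of being skipped, and the log message does not say that this is intended. Either delete the commented lines and state the reason in a one-line comment, or restore `Assume.assumeTrue("SSL renegotiation has to be supported for this test", TesterSupport.isRenegotiationSupported(getTomcatInstance()));` together with the import. The method body continues outside the hunk.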
@@ -53,30 +50,6 @@ import org.apache.tomcat.util.descriptor public final class TesterSupport { - protected static final boolean RFC_5746_SUPPORTED; - - static { - boolean result = false; - SSLContext context; - try { - context = SSLContext.getInstance("TLS"); - context.init(null, null, null); - SSLServerSocketFactory ssf = context.getServerSocketFactory(); - String ciphers[] = ssf.getSupportedCipherSuites(); - for (String cipher : ciphers) { - if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) { - result = true; - break; - } - } - } catch (NoSuchAlgorithmException e) { - // Assume no RFC 5746 support - } catch (KeyManagementException e) { - // Assume no RFC 5746 support - } - RFC_5746_SUPPORTED = result; - } - public static void initSsl(Tomcat tomcat) { initSsl(tomcat, "localhost.jks", null, null); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org